Organizations apply configuration management (CM) for establishing baselines and for tracking, controlling, and managing many aspects of business development and operation (e.g., products, services, manufacturing, business processes, and information technology). Organizations with a robust and effective CM process need to consider information security implications with respect to the development and operation of systems including hardware, software, applications, and documentation.  Effective CM of systems requires the integration of the management of secure configurations into the organizational CM process or processes. For this reason, federal agencies and federal contractors need well-written configuration management plans. Metis Defense can assist.

Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. External stakeholders and customers of DHS may find this generic definition better suited and adaptable for their organization’s use. Metis Defense has years of experience developing highly customized insider threat programs for organizations of all sizes.

Information systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., equipment destruction, fire). Much vulnerability may be minimized or eliminated through management, operational, or technical controls as part of the organization’s resiliency effort; however, it is virtually impossible to completely eliminate all risks. Proper contingency planning is designed to mitigate the risk of system and service unavailability by providing effective and efficient solutions to enhance system availability.  Metis Defense has years of experience developing highly customized contingency planning programs for organizations of all sizes.

A strong IT security program cannot be put in place without significant attention given to training to all employees regarding security policy, procedures, and techniques, as well as the various management, operational, and technical controls necessary.  Moreover, personnel in charge of actually managing infrastructure need to have the necessary skills to carry out their assigned duties effectively. Failure to give attention to the area of security training puts an organization at risk. Metis Defense has years of experience developing highly customized security awareness and training programs for organizations of all sizes. 

Supply Chain Risk Management is a systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplies product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).

Technical Surveillance Countermeasures (TSCM) are the techniques to detect, neutralize, and exploit technical surveillance technologies and hazards that permit the unauthorized access to or removal of information.

Training developers on critical software development measures is a must in today’s world of growing cybersecurity threats.  Metis Defense has years of experience developing highly customized software developer training programs for organizations of all sizes.

CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies.  CUI is not classified information. It is not corporate intellectual property unless created for or included in requirements related to a government contract.